CVE-2022-20649

8.1 HIGH
Published: November 15, 2024 Modified: April 15, 2026
View on NVD

Description

A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled for specific services. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user. The attacker would need to perform detailed reconnaissance to allow for unauthenticated access. The vulnerability can also be exploited by an authenticated attacker. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-vuls-7cS3Nuq
Source: psirt@cisco.com
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO
Source: psirt@cisco.com
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe
Source: psirt@cisco.com

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
8.1 / 10.0
EPSS (Exploit Probability)
11.7%
94th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-489

Related CVEs

CVE-2025-46607 6.6
CVE-2025-46606 6.2
CVE-2025-46605 6.2
CVE-2026-6483 7.2
CVE-2026-5131 N/A